Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: (cherry-pick) turn off stateful filter for egress proxies #12088

Merged
merged 1 commit into from
May 10, 2024
Merged

cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: (cherry-pick) turn off stateful filter for egress proxies #12088

merged 1 commit into from
May 10, 2024

Conversation

irbekrm
Copy link
Contributor

@irbekrm irbekrm commented May 10, 2024

Cherry-pick of #12075 against release 1.66 branch to fix the Kubernetes egress proxies.

Updates #12061

@irbekrm
cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off statefu…
e37ea80 
…l filter for egress proxies.

Turn off stateful filtering for egress proxies to allow cluster
traffic to be forwarded to tailnet.

Allow configuring stateful filter via tailscaled config file.

Deprecate EXPERIMENTAL_TS_CONFIGFILE_PATH env var and introduce a new
TS_EXPERIMENTAL_VERSIONED_CONFIG env var that can be used to provide
containerboot a directory that should contain one or more
tailscaled config files named cap-<tailscaled-cap-version>.hujson.
Containerboot will pick the one with the newest capability version
that is not newer than its current capability version.

Proxies with this change will not work with older Tailscale
Kubernetes operator versions - users must ensure that
the deployed operator is at the same version or newer (up to
4 version skew) than the proxies.

Updates #12061

Co-authored-by: Maisem Ali <maisem@tailscale.com>
Signed-off-by: Irbe Krumina <irbe@tailscale.com>
(cherry picked from commit 131ae6e)
@irbekrm irbekrm requested review from maisem and nickoneill and removed request for maisem May 10, 2024 15:43
@irbekrm irbekrm merged commit c88abff into release-branch/1.66 May 10, 2024
46 checks passed
@irbekrm irbekrm deleted the irbekrm/kube_st_cherry branch May 10, 2024 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickoneill nickoneill nickoneill approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@irbekrm @nickoneill